From 83bfc1d808e63691b2f3081f903aa05684c379b6 Mon Sep 17 00:00:00 2001 From: Giuseppe Bilotta Date: Sat, 26 Aug 2006 21:41:02 +0000 Subject: script eval: unsafe, undocumented, not permitted by default --- data/rbot/plugins/script.rb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'data') diff --git a/data/rbot/plugins/script.rb b/data/rbot/plugins/script.rb index ff45df0b..e2669088 100644 --- a/data/rbot/plugins/script.rb +++ b/data/rbot/plugins/script.rb @@ -59,6 +59,7 @@ class ScriptPlugin < Plugin user = args.empty? ? m.sourcenick : args.first Thread.start { + # TODO allow different safe levels for different botusers $SAFE = 3 begin @@ -72,6 +73,20 @@ class ScriptPlugin < Plugin end + def handle_eval( m, params ) + code = params[:code].to_s.dup.untaint + Thread.start { + # TODO allow different safe levels for different botusers + begin + eval( code ) + rescue => e + m.reply( "Script '#{name}' crapped out :(" ) + m.reply( e.inspect ) + end + } + end + + def handle_add( m, params, force = false ) name = params[:name] if !force and @commands.has_key?( name ) @@ -140,10 +155,12 @@ end plugin = ScriptPlugin.new plugin.register( "script" ) plugin.default_auth( 'edit', false ) +plugin.default_auth( 'eval', false ) plugin.map 'script add -f :name *code', :action => 'handle_add_force', :auth_path => 'edit' plugin.map 'script add :name *code', :action => 'handle_add', :auth_path => 'edit' plugin.map 'script del :name', :action => 'handle_del', :auth_path => 'edit' +plugin.map 'script eval *code', :action => 'handle_eval' plugin.map 'script list :page', :action => 'handle_list', :defaults => { :page => '1' } plugin.map 'script show :name', :action => 'handle_show' -- cgit v1.2.3